package com.hk.web.core.config.shiro;

import com.hk.commons.session.RedisCacheManager;
import com.hk.commons.session.RedisSessionDAO;
import com.hk.web.core.credentials.RetryLimitCredentialsMatcher;
import com.hk.web.core.realm.ShiroRealm;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class  ShiroConfig{

    private final static String SHIRO_REDIS_PREFIX = "hk:shiro:session:";
    private final static String SHIRO_REDIS_CACHE_PREFIX = "hk:shiro:cache:";

    @Bean
    public Authorizer authorizer(){
        return new ModularRealmAuthorizer();
    }


    @Bean("shiroRealm")
    public ShiroRealm realm() {
        ShiroRealm shiroRealm = new ShiroRealm();
        //自定义密码凭证
        shiroRealm.setCredentialsMatcher(new RetryLimitCredentialsMatcher());
        return shiroRealm;
    }

    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();

        // logged in users with the 'admin' role

        // logged in users with the 'document:read' permission
//        chainDefinition.addPathDefinition("/docs/**", "authc, perms[document:read]");

        // all other paths require a logged in user
        chainDefinition.addPathDefinition("/manager/redis", "anon");
        chainDefinition.addPathDefinition("/manager/**", "authc");

        chainDefinition.addPathDefinition("/register", "anon");
        chainDefinition.addPathDefinition("/logout", "logout");
        chainDefinition.addPathDefinition("/login", "anon");
        chainDefinition.addPathDefinition("/chArea/**", "anon");
        chainDefinition.addPathDefinition("/**", "authc");
        return chainDefinition;
    }

    /**
     * 配置shiro redisManager
     * 使用的是shiro-redis开源插件
     *
     */
    @Bean
    public SessionDAO redisSessionDAO() {
        RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
        redisSessionDAO.setKeyPrefix(SHIRO_REDIS_PREFIX);
        return redisSessionDAO;
    }

    @Bean
    public SessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setGlobalSessionTimeout(6 * 100000L);
        sessionManager.setSessionDAO(redisSessionDAO());
        sessionManager.setCacheManager(cacheManager());
        return sessionManager;
    }

    @Bean
    public CacheManager cacheManager(){
        RedisCacheManager redisCacheManager = new RedisCacheManager();
        redisCacheManager.setKeyPrefix(SHIRO_REDIS_CACHE_PREFIX);
        //redis中针对不同用户缓存
        redisCacheManager.setPrincipalIdFieldName("username");
        //用户权限信息缓存时间 秒
//        redisCacheManager.setExpire(600);
        return redisCacheManager;
    }

    @Bean(name="sessionIdCookie")
    public SimpleCookie sessionIdCookie(){
        //cookie名
        SimpleCookie sessionIdCookie = new SimpleCookie();
        //有效时间
        sessionIdCookie.setHttpOnly(true);
        sessionIdCookie.setMaxAge(100);
//        sessionIdCookie.setDomain("/");
        return sessionIdCookie;
    }

}
